package com.mmall.controller.portal;

import com.mmall.common.Const;
import com.mmall.common.ResponseCode;
import com.mmall.common.ServerResponse;
import com.mmall.pojo.User;
import com.mmall.service.IUserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;

import javax.servlet.http.HttpSession;

/**
 * Created by Administrator on 2017/12/6.
 */

@Controller
@RequestMapping("/user/")
public class UserController {
    //注入
    @Autowired
    private IUserService iUserService;

    /**
    *用户登录
     * @param username
     * @param password
     * @param session
     * @return
     */
    @RequestMapping(value = "login.do",method = RequestMethod.POST)
    @ResponseBody
    public ServerResponse<User> login (String username , String password , HttpSession session){
        //service -->mybatis --->dao
        ServerResponse<User> response=iUserService.login(username,password);

        if (response.isSuccess()){ //判断成功后需要将用户放入session缓存中 key使用常量
                session.setAttribute(Const.CURRENT_USER,response.getData());
        }
        return  response;
    }
    /***
     * 退出登录接口
     * @param session
     * @return
     */
    @RequestMapping(value = "logout.do" ,method = RequestMethod.POST)
    @ResponseBody
    public ServerResponse<User> logout(HttpSession session){
            session.removeAttribute(Const.CURRENT_USER);
            return ServerResponse.createBySuccess();
    }

    /***
     * 用户注册接口
     * @param user
     * @return
     */
    @RequestMapping(value = "register.do" ,method = RequestMethod.POST)
    @ResponseBody
    public  ServerResponse<String> register(User user){
            return  iUserService.register(user);
    }

    @RequestMapping(value = "check_valid.do" ,method = RequestMethod.POST)
    @ResponseBody
    public  ServerResponse<String> checkValid(String str, String type){ //需要对type 进行判断 判断是用户名username 还是email
            return  iUserService.checkValid(str,type);
    }

    /***
     * 获取用户信息
     *1.从session缓存中获取当前用户强制转化成一个user对象
     *2.对获取的user对象进行非空判断 如果不为空 返回user对象 否则返回错误提示信息
     * @param session
     * @return
     */
    @RequestMapping(value = "get_user_info.do" ,method = RequestMethod.POST)
    @ResponseBody
    public  ServerResponse<User> getUserInfo(HttpSession session){
        User user= (User) session.getAttribute(Const.CURRENT_USER); //获取缓存中当前用户的信息
        if(user!=null){
            return  ServerResponse.createBySuccess(user);
        }
        return  ServerResponse.createByErrorMessage("用户未登录，无法获取当前用户的信息");
    }

    /***
     *忘记密码 （根据用户名 返回密码提示问题）
     * @param username
     * @return
     */
    @RequestMapping(value = "forget_get_question.do",method = RequestMethod.POST)
    @ResponseBody
    public  ServerResponse<String> forgetGetQuestion(String username){
        return iUserService.selectQuestion(username);
    }

    /***
     * 提示问题和答案
     * @param username
     * @param question
     * @param answer
     * @return
     */
    @RequestMapping(value = "forget_check_answer.do" ,method = RequestMethod.POST)
    @ResponseBody
    public ServerResponse<String > forgetCheckAnswer(String username,String question, String answer){
        return iUserService.checkAnswer(username,question,answer);
    }
    /***
     * 登录状态下的修改密码 根据userId 避免横向越权的情况出现
     * @param session
     * @param passwordOld
     * @param passwordNew
     * @return
     */
    @RequestMapping(value = "rest_password.do" ,method = RequestMethod.POST)
    @ResponseBody
    public ServerResponse<String> resetPassword(HttpSession session,String passwordOld,String passwordNew ){
        User user= (User) session.getAttribute(Const.CURRENT_USER);
        if (user==null){
            return  ServerResponse.createByErrorMessage("当前用户没有登录");
        }
        return  iUserService.resetPassword(passwordOld,passwordNew,user);
    }

    /***
     * 忘记密码中的如何修改密码
     * @param username
     * @param password
     * @param forgetToken
     * @return
     */
    @RequestMapping(value = "forget_rest_password.do" ,method = RequestMethod.POST)
    @ResponseBody
    public  ServerResponse<String> forgetRestPassword(String username,String passwordNew,String forgetToken){
            return iUserService.forgetResetPassword(username,passwordNew,forgetToken);
    }

    /***
     * 更新个人用户信息
     * @param session
     * @param user
     * @return
     */
    @RequestMapping(value = "update_information.do" ,method = RequestMethod.POST)
    @ResponseBody
    public  ServerResponse<User> update_information(HttpSession session,User user){
        User currentUser= (User) session.getAttribute(Const.CURRENT_USER);
        if (currentUser==null){
            return  ServerResponse.createByErrorMessage("用户没有登录");
        }
        //防止横向越权问题的出现 userid和username都是用缓存中获取
        user.setId(currentUser.getId());
        user.setUsername(currentUser.getUsername());
        ServerResponse<User> response=iUserService.updateInformation(user);
        if (response.isSuccess()){
            response.getData().setUsername(currentUser.getUsername()); //获取更新后的用户名称 供台前使用
            session.setAttribute(Const.CURRENT_USER,response.getData());//将个人信息存到缓存中
        }
        return   response;
    }

    /***
     * 根据缓存中的用户id 获取用户信息
     * @param session
     * @return
     */
    @RequestMapping(value = "get_information.do" ,method = RequestMethod.POST)
    @ResponseBody
    public  ServerResponse<User> get_information(HttpSession session){
        User currentUser= (User) session.getAttribute(Const.CURRENT_USER);
        if (currentUser==null){
            return  ServerResponse.createByErrorCodeMessage(ResponseCode.NEED_LOGIN.getCode(),"未登录 需要强制登录status=10");
        }
        return  iUserService.getInformation(currentUser.getId());

    }



 }
